We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
See the run:
enforce-https
➜ public git:(enforce-https) terraform apply data.aws_caller_identity.current: Refreshing state... data.aws_region.current: Refreshing state... module.aws_es.data.aws_kms_key.aws_es: Refreshing state... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # module.aws_es.aws_cloudwatch_log_group.es_cloudwatch_log_group will be created + resource "aws_cloudwatch_log_group" "es_cloudwatch_log_group" { + arn = (known after apply) + id = (known after apply) + name = "elasticsearch-public-log_group" + retention_in_days = 0 + tags = { + "Owner" = "sysops" + "env" = "dev" } } # module.aws_es.aws_cloudwatch_log_resource_policy.es_aws_cloudwatch_log_resource_policy will be created + resource "aws_cloudwatch_log_resource_policy" "es_aws_cloudwatch_log_resource_policy" { + id = (known after apply) + policy_document = jsonencode( { + Statement = [ + { + Action = [ + "logs:PutLogEvents", + "logs:PutLogEventsBatch", + "logs:CreateLogStream", ] + Effect = "Allow" + Principal = { + Service = "es.amazonaws.com" } + Resource = "arn:aws:logs:*" }, ] + Version = "2012-10-17" } ) + policy_name = "elasticsearch-public-policy" } # module.aws_es.aws_elasticsearch_domain.es_domain will be created + resource "aws_elasticsearch_domain" "es_domain" { + access_policies = jsonencode( { + Statement = [ + { + Action = "es:*" + Condition = { + IpAddress = { + aws:SourceIp = [ + "1.1.1.1", + "2.2.2.2", ] } } + Effect = "Allow" + Principal = { + AWS = "*" } + Resource = "arn:aws:es:us-east-1:144153993531:domain/elasticsearch-public/*" + Sid = "" }, ] + Version = "2012-10-17" } ) + advanced_options = { + "rest.action.multi.allow_explicit_index" = "true" } + arn = (known after apply) + domain_id = (known after apply) + domain_name = "elasticsearch-public" + elasticsearch_version = "7.1" + endpoint = (known after apply) + id = (known after apply) + kibana_endpoint = (known after apply) + tags = { + "Owner" = "sysops" + "env" = "dev" } + advanced_security_options { + enabled = (known after apply) + internal_user_database_enabled = (known after apply) + master_user_options { + master_user_arn = (known after apply) + master_user_name = (known after apply) + master_user_password = (sensitive value) } } + cluster_config { + dedicated_master_count = 3 + dedicated_master_enabled = true + dedicated_master_type = "r5.large.elasticsearch" + instance_count = 3 + instance_type = "r5.large.elasticsearch" + zone_awareness_enabled = true + zone_awareness_config { + availability_zone_count = 3 } } + domain_endpoint_options { + enforce_https = (known after apply) + tls_security_policy = (known after apply) } + ebs_options { + ebs_enabled = true + iops = 0 + volume_size = 25 + volume_type = "gp2" } + encrypt_at_rest { + enabled = true + kms_key_id = "alias/aws/es" } + log_publishing_options { + cloudwatch_log_group_arn = (known after apply) + enabled = (known after apply) + log_type = (known after apply) } + node_to_node_encryption { + enabled = true } + snapshot_options { + automated_snapshot_start_hour = 23 } + timeouts { + update = "60m" } } # module.aws_es.aws_iam_service_linked_role.es[0] will be created + resource "aws_iam_service_linked_role" "es" { + arn = (known after apply) + aws_service_name = "es.amazonaws.com" + create_date = (known after apply) + description = "Service-linked role to give Amazon ES permissions to access your VPC" + id = (known after apply) + name = (known after apply) + path = (known after apply) + unique_id = (known after apply) } Plan: 4 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes module.aws_es.aws_cloudwatch_log_resource_policy.es_aws_cloudwatch_log_resource_policy: Creating... module.aws_es.aws_cloudwatch_log_group.es_cloudwatch_log_group: Creating... module.aws_es.aws_iam_service_linked_role.es[0]: Creating... module.aws_es.aws_cloudwatch_log_resource_policy.es_aws_cloudwatch_log_resource_policy: Creation complete after 1s [id=elasticsearch-public-policy] module.aws_es.aws_cloudwatch_log_group.es_cloudwatch_log_group: Creation complete after 2s [id=elasticsearch-public-log_group] Error: Error creating service-linked role with name es.amazonaws.com: InvalidInput: Service role name AWSServiceRoleForAmazonElasticsearchService has been taken in this account, please try a different suffix. status code: 400, request id: 5729b629-e7f2-472e-b8b8-e5b54a6da256 on ../../iam.tf line 31, in resource "aws_iam_service_linked_role" "es": 31: resource "aws_iam_service_linked_role" "es" {
The text was updated successfully, but these errors were encountered:
No branches or pull requests
See the run:
enforce-https
, commit 3d58343 2020-08-05 | Locked versions of aws and terraform to avoid surprises (HEAD -> enforce-https) [Miro Adamy]The text was updated successfully, but these errors were encountered: